avast / retdec

RetDec is a retargetable machine-code decompiler based on LLVM.
https://retdec.com/
MIT License

Fileinfo: parse .pdata section from PE(+) files #243

Open PeterMatula opened 6 years ago

PeterMatula commented 6 years ago

It looks like PE(+) files may contain a .pdata section with info on functions in the binary:

The Function Table (interpreted .pdata section contents)
vma:                    BeginAddress     EndAddress       UnwindData
 000000014001d000:      0000000140001010 0000000140001043 000000014001937c
 000000014001d00c:      0000000140001050 00000001400010be 0000000140019bbc
 000000014001d018:      00000001400010c0 0000000140001113 0000000140018fd0
...

It is referenced by the exception table entry:

The Data Directory
...
Entry 3 000000000001d000 00000f90 Exception Directory [.pdata]

It would be useful to parse it.

Specification: https://msdn.microsoft.com/en-us/library/windows/desktop/ms680547(v=vs.85).aspx#the_.pdata_section

Example file: ack.zip

Also, search the PE specification for other similar structures that we are not currently handling.

LunNova commented 6 years ago

Be careful with this: there will need to be an option to turn it off, and the end address should not be trusted if code would fall through it.

Some malware has hidden instructions from IDA by editing the pdata end addresses: https://blog.talosintelligence.com/2017/10/disassembler-and-runtime-analysis.html
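An added example written for this issue, not RetDec's own code: it parses RUNTIME_FUNCTION entries from the raw bytes of the section that Exception Directory entry 3 points to, as the first comment describes, and then runs the kind of sanity check the second comment asks for before an EndAddress is trusted. The three leading entries and the 12-byte entry layout follow the objdump output above; the padding heuristics, the constructed .text bytes, the fourth entry and the shortened EndAddress of entry 2 are assumptions of the example.

```cpp
// Added example, not RetDec code: parse the x64 .pdata function table from the raw bytes
// of the section that data directory entry 3 (Exception Directory) points to, then run
// sanity checks before trusting any EndAddress.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// One RUNTIME_FUNCTION entry (x64 layout from the PE spec): three little-endian 32-bit RVAs.
struct RuntimeFunction {
    uint32_t beginAddress;
    uint32_t endAddress;   // one past the function's last byte
    uint32_t unwindData;   // RVA of the UNWIND_INFO structure
};

static const size_t kEntrySize = 12;

static uint32_t readLe32(const uint8_t* p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) | (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}

// Parse the table. dirSize is the directory's Size field; reading stops at the smaller of
// dirSize and the buffer, and a trailing partial entry is dropped rather than read past the end.
std::vector<RuntimeFunction> parsePdata(const std::vector<uint8_t>& raw, size_t dirSize) {
    std::vector<RuntimeFunction> out;
    const size_t limit = std::min(dirSize, raw.size());
    for (size_t off = 0; off + kEntrySize <= limit; off += kEntrySize) {
        const uint8_t* p = raw.data() + off;
        out.push_back({readLe32(p), readLe32(p + 4), readLe32(p + 8)});
    }
    return out;
}

static bool isPadding(uint8_t b) { return b == 0xCC || b == 0x90 || b == 0x00; }  // int3 / nop / zero

// Heuristic checks (this example's own, not RetDec's). textRva/text describe the executable
// section, imageSize is SizeOfImage. Each message names the entry index it concerns.
std::vector<std::string> checkPdata(const std::vector<RuntimeFunction>& funcs, uint32_t textRva,
                                    const std::vector<uint8_t>& text, uint32_t imageSize) {
    std::vector<std::string> warnings;
    const uint32_t textEnd = textRva + uint32_t(text.size());
    char buf[160];
    for (size_t i = 0; i < funcs.size(); ++i) {
        const RuntimeFunction& f = funcs[i];
        const RuntimeFunction* next = (i + 1 < funcs.size()) ? &funcs[i + 1] : nullptr;
        const char* why = nullptr;
        if (f.endAddress <= f.beginAddress)
            why = "EndAddress not above BeginAddress";
        else if (f.beginAddress < textRva || f.endAddress > textEnd)
            why = "range leaves the code section";
        else if (f.unwindData >= imageSize)
            why = "UnwindData outside the image";
        else if (next && next->beginAddress < f.endAddress)
            why = "table unsorted or overlapping next entry";  // spec sorts entries by BeginAddress
        else if (next) {
            // Bytes between this EndAddress and the next BeginAddress should be alignment padding.
            // Real code there means EndAddress was cut short: do not let it bound the function.
            for (uint32_t rva = f.endAddress; rva < next->beginAddress && rva < textEnd; ++rva)
                if (!isPadding(text[rva - textRva])) { why = "code after EndAddress, end untrusted"; break; }
        }
        if (why) {
            snprintf(buf, sizeof buf, "entry %zu [0x%x-0x%x): %s", i,
                     (unsigned)f.beginAddress, (unsigned)f.endAddress, why);
            warnings.push_back(buf);
        }
    }
    return warnings;
}

static void putLe32(std::vector<uint8_t>& v, uint32_t x) {
    for (int s = 0; s < 32; s += 8) v.push_back(uint8_t(x >> s));
}

const uint32_t kTextRva = 0x1000, kImageSize = 0x20000;  // assumed layout of the sample image

// Constructed sample table: the first three rows are the entries from the objdump output in
// the issue (RVAs relative to image base 0x140000000). Entry 2 has its EndAddress cut back from
// 0x1113 to 0x1100 to mimic a tampered table, and entry 3 is invented so the gap check runs.
std::vector<uint8_t> samplePdata() {
    std::vector<uint8_t> raw;
    const uint32_t rows[][3] = {{0x1010, 0x1043, 0x1937c}, {0x1050, 0x10be, 0x19bbc},
                                {0x10c0, 0x1100, 0x18fd0}, {0x1120, 0x1140, 0x19000}};
    for (const auto& r : rows) { putLe32(raw, r[0]); putLe32(raw, r[1]); putLe32(raw, r[2]); }
    return raw;
}

// Constructed .text: 0x200 bytes of int3 padding with 0x55 (push rbp) over the function bodies,
// including the 0x1100-0x1113 tail that the tampered entry 2 no longer covers.
std::vector<uint8_t> sampleText() {
    std::vector<uint8_t> text(0x200, 0xCC);
    const uint32_t bodies[][2] = {{0x1010, 0x1043}, {0x1050, 0x10be}, {0x10c0, 0x1113}, {0x1120, 0x1140}};
    for (const auto& b : bodies)
        std::fill(text.begin() + (b[0] - kTextRva), text.begin() + (b[1] - kTextRva), 0x55);
    return text;
}

int main() {
    std::vector<RuntimeFunction> funcs = parsePdata(samplePdata(), 4 * kEntrySize);
    for (const RuntimeFunction& f : funcs)  // same columns as the objdump listing in the issue
        printf("%016llx %016llx %016llx\n", 0x140000000ULL + f.beginAddress,
               0x140000000ULL + f.endAddress, 0x140000000ULL + f.unwindData);
    for (const std::string& w : checkPdata(funcs, kTextRva, sampleText(), kImageSize))
        printf("warning: %s\n", w.c_str());
    return 0;
}
```

Build with `g++ -std=c++11 pdata_example.cpp`. In a real fileinfo pass the raw bytes come from the section whose virtual range contains the directory's VirtualAddress (0x1d000 in the issue), and the size passed to parsePdata is the directory's Size field (0xf90 there). The padding heuristic only covers the shortened-end case the second comment mentions; an EndAddress that was moved forward over padding is caught by the overlap check instead, and anything flagged should make the decompiler fall back to its own control-flow analysis rather than refuse to decompile.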